Gift returns: the fraud vector nobody designs for
Your fraud scoring model knows a lot about the customer who placed the order. Account age, return history, payment method reputation, shipping address patterns, order velocity. All of it accumulates into a risk signal the moment someone clicks checkout.
The model knows almost nothing about the person who walks into your returns flow with a gift receipt and a product they didn't pay for.
This is the gift-return blind spot, and it's larger than most stores realize. Every fraud signal you've carefully tuned is attached to the purchaser. Once the return is from a different person, all of it stops applying, and a small but consistent fraction of that gap gets exploited.
Why gift returns are structurally different
A normal return has three facts locked together: who bought it, who shipped it to, and who is returning it. Usually these are all the same person, and even when they're not (gift purchases), the purchaser retains the relationship to the product. A fraudulent return attempt would have to work against the purchaser's history.
A gift return breaks the link. The person filling out the return form didn't pay, didn't have an account when the order was placed, and doesn't have any purchase history in your system. Their credentials are a gift receipt, a product, and a claim about who it was from.
You can verify the gift receipt. You can verify the product exists in your catalog and matches the SKU on the receipt. You can verify the original order was legitimate. What you cannot easily verify:
- Whether this person is actually the gift recipient
- Whether they have a pattern of returning gifts across multiple merchants
- Whether they're acting in coordination with the purchaser (part of an intentional exchange game)
- Whether the product they're returning is the same condition it was in when the purchaser received it
Traditional fraud prevention was built for the first three facts being linked. Gift returns systematically break one of them.
The patterns that get abused
There's a playbook. It's been circulating for years on various forums, and the specifics rotate as stores patch weaknesses, but the shape is consistent.
The "found it cheaper" exchange game
A customer buys an item at full price. A few weeks later, they request a gift receipt reprint, claiming they want to give it to someone. They then bring the item back as a "gift return" after the normal return window has closed, citing that the recipient didn't want it. The gift-return policy at most stores extends the return window, and some stores accept gift returns at full value even when the item was purchased on sale.
The purchaser got what they wanted. An extended return window and potentially a refund at the current price rather than the sale price they paid. Most stores don't have a system to detect this, because it requires connecting the gift-receipt reprint to the original order and flagging the unusual timing.
The "recipient scoring" bypass
A customer with a high risk score (many returns, disputes, etc.) knows their next order might get friction. They have a friend or family member place the order as a gift, shipped to them. The item arrives, they decide to return it, and they return it as a gift recipient rather than as themselves. The fraud scoring model can't attach the return to their pattern, because the return isn't being made by their account.
At a high enough return volume per customer, this is worth the extra coordination cost. Some of the most persistent return abusers have worked out this pattern and use a rotating set of purchaser identities.
The "gift-of-nothing" dropship hack
Requires more coordination and is rarer, but real. A seller on a secondary marketplace lists an item they don't have. When someone buys it, the seller places a gift order from your store, shipped to the buyer. If the buyer isn't happy, they return it to your store as a "gift," and the marketplace seller keeps the payment. Your store ends up absorbing the cost of a product that was used as inventory for someone else's unauthorized reselling operation.
The pattern signature is detectable. Orders that ship to addresses with no prior customer history, marked as gifts, where the purchaser's name doesn't match the billing name, followed by gift returns of the same items within 30 days.
The duplicated gift receipt
A customer legitimately receives a gift, but the gift receipt is easily reprinted from the order confirmation email. They take the item, return it as a gift to recover store credit, then get the purchaser to reprint the gift receipt and attempt a second return using a photo of the "same" item. If your return processing doesn't track gift-receipt usage as a one-time token, this can work.
Rare but growing. The pattern surfaces most often during post-holiday return surges.
What actually works
The instinct of most stores facing gift-return abuse is to tighten the gift-return policy broadly. Shorter windows, store-credit-only, require the original order number. These work. They also annoy the 95% of legitimate gift recipients in ways that are hard to quantify but measurable in reduced word-of-mouth and lost repeat purchasers.
The interventions that work with less collateral damage are more specific.
Store credit as the default, refund as an exception. A legitimate gift recipient almost always prefers store credit. They received a gift they didn't want. They're not expecting the purchaser's card to be refunded, and most of them don't want the awkwardness of that conversation. Offering store credit by default and refund only on explicit request captures 90% of gift returns at lower cost, because store credit stays within your ecosystem.
Track gift-receipt usage. Each gift receipt should be a single-use token tied to the original order's gift-return pool. Once one item is returned against it, the token is spent. Reprints don't create new tokens.
Link the gift return to the purchaser's record. The return was made by someone else, but it still happened to an order placed by the purchaser. Count it on the purchaser's pattern too. A customer whose gift-recipient returns rate is meaningfully higher than their direct-return rate deserves attention, because that pattern is either a recipient-scoring bypass or a very unlucky streak.
Shipping-address history enrichment. The address the gift shipped to is a data point. If your scoring system can check that address against known fraud patterns (shared addresses, dropship receivers, mail-forwarding services), you can flag gift returns that come from addresses you'd never have shipped a normal order to without scrutiny.
Extend the investigation window for high-value gift returns. A gift return above a certain price point (typically $200+ depending on your AOV) deserves a second set of eyes before the refund lands. Not blocked, reviewed. Labor cost is small because the volume is small, and the hit rate on genuinely abusive patterns in this slice is much higher than the general return population.
The luxury-specific problem
For luxury and high-AOV stores, gift returns are disproportionately risky. A single abusive gift return of a $2,400 handbag or an $1,800 watch is worth a hundred gift returns on $30 items at a general-merchandise store. The blast radius of each missed detection is much larger.
Luxury stores also get hit by a specific subpattern: the "gift" purchase that's actually a self-purchase laundered through a friend. A customer can't get past your credit check or has a recent chargeback. They ask a friend to buy the item and ship it to them. The item arrives, they return it as a gift, and either keep the store credit (preferred, since the friend can't easily access it) or route a refund back to the friend's card, who then Venmos it to them.
The purchaser's account shows no returns. The recipient isn't even in your system as a customer. The only signals available are the address pattern and the purchase-to-return-timing. Both of which require a scoring system that treats gift returns as first-class rather than a special case tacked onto the main return flow.
The takeaway
Gift returns are a category most stores treat as a minor edge case, which is exactly what makes them an effective abuse vector. The traditional fraud signals don't apply. The returning customer has no history. The product provenance is harder to verify. The purchaser's identity is separated by a layer of gift-receipt logic that most fraud tools don't model.
The fix isn't blanket policy tightening (that costs you legitimate customers). The fix is treating gift returns as a distinct category with their own detection logic. Track gift-receipt tokens, attribute gift returns back to the purchaser's pattern, enrich with shipping-address signals, default to store credit unless the recipient explicitly requests otherwise.
For luxury stores, the stakes are higher and the scrutiny should be proportional. A gift return above a dollar threshold deserves a second look before it completes. The labor cost is trivial compared to the hit rate.
Most stores will never make these changes, because gift returns are a small enough percentage of overall returns that they don't show up in the top-line fraud metrics. That's precisely why, for the stores who do pay attention, the ROI on getting this category right is usually higher than it looks.